For many small business owners who have recently suffered a data breach, the main focus may be worry over how others might use the stolen information to gain a competitive edge. And while this is an absolutely valid concern, most of the damage done to hacked companies comes from the expense involved in lawsuits, loss of reputation, loss of clients and revenue and, consequently, loss of personnel due to layoffs.
It’s a cascading effect that can go on for years — some small businesses are so devastated by the fallout they go out of business. It’s a mess any way you look at it, but mitigating the damage and avoiding the worst depends on how well you recover from a cyber attack and regain the confidence of clients.
Here are a few must-dos for any post-data-breach checklist:
Cater to your clients
One of the worst parts of a data breach is the potential damage done to your clients and the residual effect on your company. You may need to offer an extended period of identity theft prevention coverage for your clients. And you’ll definitely need to respond to their questions and complaints indefinitely, no matter how irate they get. Remember, you’re not just trying to retain business, you’re attempting to salvage your reputation, which can be extremely difficult to do but is worth the extra effort.
Law enforcement agencies have reported an uptick in data breaches launched by disgruntled ex-employees. A former employee who had a high degree of familiarity with your company’s security system may have knowledge that can put your and your customers’ sensitive data at risk. That’s why it’s important to keep a watch on data around the time of an employee separation and to terminate an employee’s accounts as soon as that employee leaves the company.
Your bolstered security system should be based on what you learn about the breach: how it happened and why your data security failed. It could’ve been caused by an angry former employee or a third-party vendor that had too much access to your sensitive information. In any event, you’ll want to upgrade your network and replace old, outdated software. If a phishing attack or some other form of cyber fraud leads to data loss, your next step should be to contact a professional tech support company that can help you identify the source of the problem, learn how it happened and recover your data. If you’re a small business without an internal IT department, specialists like Secure Data Recovery can fill the gap and help restore your security with as little collateral damage as possible.
Stage a PR offensive
Target sustained a 12 percent drop in profits, which may seem like a drop in the bucket for such a big company, but even Target had to launch an aggressive PR offensive to repair the damage to its reputation. Small businesses generally find it harder to recover from a high-profile loss of sensitive data, so you’re well-advised to put a solid public relations damage control campaign into action.
One of the best things about PR is how effective it can be in helping you do some self-reinventing. For example, you can use your robust new security protocol as the centerpiece of an outreach campaign that positions your company as a responsible and conscientious organization.
Set and maintain high cybersecurity standards
Strengthening preventive measures should be the next step after recovery. Ensure that you and your employees are fully educated on and meet the requirements of federal and state cybersecurity regulations. For example, financial institutions that are covered by the NYDFS Cybersecurity Regulation would do well to read an online guide on what’s needed to maintain effective data protection.
A data breach places tremendous pressure, both financially and socially, on a small business. The economic fallout can continue to cause collateral damage for months, even years, and require the involvement of a data recovery company. Your best defense is a diligent computer security protocol and staff who are educated on how important it is to follow it to the letter.